VAR-201502-0245
Vulnerability from variot - Updated: 2023-12-18 13:19Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek 'HART DTM' Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. An attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vector device type manager",
"scope": "eq",
"trust": 1.6,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "12400 level transmitter device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "1.00.0"
},
{
"model": "bullet device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "mactek",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner device type manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ge",
"version": "2.00.1"
},
{
"model": "12400 level transmitter dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "svi ii ap positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "2.00.1"
},
{
"model": "svi1000 positioner dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "vector dtm",
"scope": "eq",
"trust": 0.8,
"vendor": "general electric",
"version": "1.00.0"
},
{
"model": "bullet wirelesshart device type manager",
"scope": "eq",
"trust": 0.8,
"vendor": "mactek",
"version": "(dtm) 1.00.0"
},
{
"model": "electric mactek bullet dtm",
"scope": "eq",
"trust": 0.6,
"vendor": "general",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "12400 level transmitter device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "svi ii ap positioner device type manager",
"version": "2.00.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vector device type manager",
"version": "1.00.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "bullet device type manager",
"version": "1.00.0"
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ge:12400_level_transmitter_device_type_manager:1.00.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:svi_ii_ap_positioner_device_type_manager:2.00.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ge:vector_device_type_manager:1.00.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mactek:bullet_device_type_manager:1.00.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alexander Bolshev",
"sources": [
{
"db": "BID",
"id": "72524"
}
],
"trust": 0.3
},
"cve": "CVE-2014-9203",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-9203",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00995",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-9203",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the Field Device Tool (FDT) Frame application in the HART Device Type Manager (DTM) library, as used in MACTek Bullet DTM 1.00.0, GE Vector DTM 1.00.0, GE SVi1000 Positioner DTM 1.00.0, GE SVI II AP Positioner DTM 2.00.1, and GE 12400 Level Transmitter DTM 1.00.0, allows remote attackers to cause a denial of service (DTM outage) via crafted packets. General Electric Company is a manufacturer of electrical equipment, electrical and electronic equipment. General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have a denial of service vulnerability that an attacker can use to cause an affected system to stop responding and initiate a denial of service attack. \nAn attacker can exploit this issue to cause the affected system to become unresponsive, resulting in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-9203",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01",
"trust": 2.7
},
{
"db": "BID",
"id": "72524",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2015-00995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSA-15-036-01A",
"trust": 0.3
},
{
"db": "IVD",
"id": "A3A0AD20-2351-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"id": "VAR-201502-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
}
]
},
"last_update_date": "2023-12-18T13:19:50.480000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GEOG 15-01_Security_Advisory_HART DTM",
"trust": 0.8,
"url": "http://d3qm6x350yyq59.cloudfront.net/sites/geog.dev.local/files/geog_15-01_security_advisory_hart_dtm.pdf"
},
{
"title": "Download Center",
"trust": 0.8,
"url": "http://www.ge-mcs.com/en/download.html"
},
{
"title": "Bullet_DTM_1_00_1.exe",
"trust": 0.8,
"url": "https://mactekcorp.com/downloadfiles/bullet_dtm_1_00_1.exe"
},
{
"title": "BULLET WirelessHART Adapter",
"trust": 0.8,
"url": "https://mactekcorp.com/product6a.php"
},
{
"title": "General Electric (GE) and MACTek \u0027HART DTM\u0027 Library have patches for denial of service vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/55174"
},
{
"title": "VECTOR_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53668"
},
{
"title": "SVI_II_AP_DTM_Installer_V2.10.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53671"
},
{
"title": "SVi1000_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53670"
},
{
"title": "12400_DTM_Installer_V1.00.1",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=53669"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01"
},
{
"trust": 1.6,
"url": "http://www.geoilandgas.com/securityadvisory"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9203"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9203"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/72524"
},
{
"trust": 0.3,
"url": "http://www.ge.com/"
},
{
"trust": 0.3,
"url": "https://mactekcorp.com/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-036-01a"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"db": "BID",
"id": "72524"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-07T15:59:00.050000",
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00995"
},
{
"date": "2015-02-05T00:00:00",
"db": "BID",
"id": "72524"
},
{
"date": "2015-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007859"
},
{
"date": "2015-02-09T19:26:44.123000",
"db": "NVD",
"id": "CVE-2014-9203"
},
{
"date": "2015-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MACTek Bullet DTM And multiple GE DTM Used in products HART DTM Buffer overflow vulnerability in library",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007859"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "a3a0ad20-2351-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-133"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…